---
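# Copy the host certificate from the ipa-getcert directory into GitLab's ssl
# directory. Skipped when the role creates a self-signed certificate instead.
# NOTE(review): gitlab_domain is interpolated into both paths; presumably it is
# a plain hostname with no path separators - confirm where it is set.
- name: Copy certificates from ipa-getcert directory
  ansible.builtin.copy:
    src: "/etc/pki/tls/certs/{{ gitlab_domain }}.crt"
    dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
    # Source and destination are both on the managed host.
    remote_src: true
    owner: gitlab-www
    group: root
    # The certificate is public material, so a world-readable mode is acceptable.
    mode: '0644'
  when: "not (gitlab_create_self_signed_cert | bool)"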
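# Copy the private key matching the host certificate into GitLab's ssl
# directory. Skipped when the role creates a self-signed certificate instead.
- name: Copy keys from ipa-getcert directory
  ansible.builtin.copy:
    src: "/etc/pki/tls/private/{{ gitlab_domain }}.key"
    dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
    # Source and destination are both on the managed host, so the key never
    # passes through the controller.
    remote_src: true
    # NOTE(review): with owner gitlab-www and mode 0600 the web service account
    # can both read and overwrite the private key. Confirm the service needs to
    # own it, rather than the key being root-owned and read before privileges
    # are dropped.
    owner: gitlab-www
    group: root
    mode: '0600'
  when: "not (gitlab_create_self_signed_cert | bool)"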
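# Link the IPA CA certificate into GitLab's trusted-certs directory so the CA
# file has a single source at /etc/ipa/ca.crt rather than a copy.
- name: Symlink the IPA CA
  ansible.builtin.file:
    src: "/etc/ipa/ca.crt"
    dest: "/etc/gitlab/trusted-certs/ipa-ca.crt"
    state: link
    # NOTE(review): whether owner/group are applied to the link itself or to
    # /etc/ipa/ca.crt depends on the module's `follow` setting - confirm the
    # target file's ownership is not meant to be managed from here.
    owner: root
    group: root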
# Enable, persistently, the SELinux booleans listed under `loop`.
# NOTE(review): each boolean relaxes the httpd policy for the whole host, not
# only for GitLab. Confirm all four are still required, and drop any that are
# not.
- name: Turn on necessary SELinux booleans
  ansible.posix.seboolean:
    name: "{{ item }}"
    # persistent: true keeps the setting across reboots.
    persistent: true
    state: true
  loop:
    # httpd may open outbound network connections
    - httpd_can_network_connect
    # httpd may act as a relay (proxying)
    - httpd_can_network_relay
    # httpd may connect to LDAP
    - httpd_can_connect_ldap
    # httpd may read user content
    - httpd_read_user_content
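# Run `gitlab-ctl reconfigure` only when gitlab_reconfigure_only is defined
# and truthy.
- name: Reconfigure gitlab if we're asked to
  ansible.builtin.command:
    # Absolute path, so the binary is not resolved through PATH.
    cmd: /usr/bin/gitlab-ctl reconfigure
  register: gitlab_ctl_result
  # A non-zero rc fails the task by default, so every successful run is
  # reported as changed.
  changed_when: "gitlab_ctl_result.rc == 0"
  when:
    - "gitlab_reconfigure_only is defined and (gitlab_reconfigure_only | bool)"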
# Allow the http and https firewalld services, in both the runtime and the
# permanent configuration. No zone is given, so the module's default zone
# handling applies.
# NOTE(review): plain http is opened alongside https; presumably it only
# serves a redirect to TLS - confirm.
- name: Add firewall rules - http/s
  ansible.posix.firewalld:
    service: "{{ item }}"
    state: enabled
    # immediate applies the rule to the running firewall; permanent keeps it
    # across reloads and reboots.
    immediate: true
    permanent: true
  loop:
    - http
    - https
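# Render the fix_gitlab_certs.sh template to /usr/local/bin.
# NOTE(review): the script body is not visible here; presumably it refreshes
# the files under /etc/gitlab/ssl after a certificate renewal - confirm, and
# review the template itself since it will run as root.
- name: Deploy correct script
  ansible.builtin.template:
    # Relative path, resolved against the role's templates directory.
    src: "usr/local/bin/fix_gitlab_certs.sh"
    dest: "/usr/local/bin/fix_gitlab_certs.sh"
    owner: root
    group: root
    # 0750: writable by root only, no access for other users.
    mode: '0750'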